[Swan] SARef patch for newest Linux kernel.
Paul Wouters
paul at nohats.ca
Mon Jul 14 18:48:40 EEST 2014
On Mon, 14 Jul 2014, CpServiceSPb . wrote:
> Subject: [Swan] SARef patch for newest Linux kernel.
>
> I have 3.13.0-30 Linux kernel installed of Ubuntu 14.04 OS.
> Do I need anyway patch for such new kernel or it is already have it ?
> Where/how can I get/make it to the kernel version ?
Yes, the SAref will never get merged into the upstream kernel.
A patch can be generated using "make sarefpatch" but it might not work
very well depending on upstream kernel changes. At times, we provide
new SAref patches in the patches/ directory.
https://github.com/libreswan/libreswan/tree/master/patches/kernel
You can try to use the latest version we have, 3.11.0-15.25
A better solution is to migrate away from KLIPS/SAref and L2TP/IPsec
and use XAUTH/ModeConfig that does not require any kernel patching:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
See also: https://libreswan.org/wiki/Using_NSS_with_libreswan
All modern devices support XAUTH. The notable exceptions are many
Windows versions and Android 2.x.
Paul
More information about the Swan
mailing list